As an alternative to using the Console for agent registration, you can use the remote registration utility, oamreg, with Oracle-provided templates.
The user who runs the remote registration script can belong to any group that is mapped to the Administrator's Role in the primary user-identity store for Access Manager (see Managing Data Sources).
Secure registration and creation of an Application Domain (as well as Symmetric key generation) is supported using either remote registration mode described in Table 14-7.
Table 14-7 Remote Registration Methods
Method | Description |
---|---|
In-band mode | Administrators within the network who manage the Web server that hosts the agent can use this mode or the Oracle Access Management Console. |
Out-of-band mode | Administrators outside the network must submit registration requests to an Administrator within the network. After processing the request, the in-band Administrator returns the files required by the out-of-band Administrator, who uses the files to configure his environment. |
Symmetric key generation per Application: One key is generated and used per registered mod_osso or 11g WebGate. However, only a single key is generated for all 10g WebGates.
Note:
Registration of legacy Agents (10g WebGate, OpenSSO, and OSSO 10g) is also supported.
Persistence of the Key and Agent Information
Generation of Keys used by internal components
API support for reading Agent information
For more information on the registration modes, see the following sections:
Registering and Managing OAM 11g Agents has additional details.
Using the remote registration tool, an in-band Web server Administrator can perform tasks for provisioning an application. Unless explicitly stated, tasks are the same regardless of the type of agent you have protecting resources.
In this overview, the term "Administrator" refers to any user within the network who is part of the LDAP group that is designated for Administrators in the Default System User Identity Store registered with Oracle Access Management.
The term out-of-band registration refers to manual registration that involves coordination and actions by both the in-band Administrator and the out-of-band Administrator.
Following is a brief overview of out-of-band remote registration (when the Agent is outside the network).
After a successful registration (or update), you must locate the Agent configuration files on the AdminServer (console) host and copy these to the Agent host.
The artifacts for an Agent's registration or update are described in Table 14-8.
Table 14-8 Agent Registration and Configuration Update Artifacts
Artifacts For ... | Description |
---|---|
Simple or Cert mode | If Simple or Cert mode is used, certificate artifacts must also be copied to the Agent host following registration. See Also: Securing Communication |
11g OAM Agents (WebGate/Access Client) | See Also: Registering and Managing OAM 11g Agents |
10g OAM Agents (WebGate/Access Client) | See Also: Registering and Managing 10g WebGates with Access Manager 11g |
OSSO Agent | |
OpenSSO Agent | |